The Alumnly Data Breach Policy outlines the procedures and responsibilities for identifying, responding to, and mitigating the effects of data breaches. This policy ensures that data breaches are handled in a timely and efficient manner to minimise harm and comply with regulatory requirements.

1. Data Breach Identification

1.1. Reporting a Data Breach

  • Alumnly users, employees and contractors must report suspected security or data breaches immediately to Alumnly via email or phone. Contact details can be found here.
  • Reports should include details of the suspected breach, including the nature of the data involved and the circumstances of the breach.

1.2. Initial Assessment

  • Alumnly conducts an initial assessment to determine whether a data breach has occurred.
  • If a data breach is confirmed, Alumnly initiates the data breach response process.

2. Data Breach Response

2.1. Containment and Mitigation

  • Alumnly takes immediate steps to contain the breach and prevent further unauthorised access or disclosure of data.
  • Measures may include isolating affected systems, revoking access permissions, and applying patches or updates.

2.2. Impact Assessment

  • Alumnly assesses the impact of the data breach, including the type and amount of data involved, the number of affected data subjects, and the potential harm to individuals.
  • The assessment also considers the likelihood of data misuse and the potential for further breaches.

2.3. Notification

  • Alumnly notifies relevant regulatory authorities within the required timeframe.
  • If the breach poses a high risk to individuals, Alumnly communicates with affected data subjects promptly, providing clear and specific information about the breach and any steps they should take to protect themselves.

2.4. Documentation

  • Alumnly documents all actions taken in response to the data breach, including the initial report, containment and mitigation measures, impact assessment, notifications, and follow-up actions.

3. Post-Breach Review

3.1. Root Cause Analysis

  • Alumnly conducts a root cause analysis to identify the underlying causes of the data breach.
  • The analysis helps to identify any weaknesses in security controls or processes that contributed to the breach.

3.2. Remediation

  • Alumnly implements measures to address the root causes of the data breach and prevent future occurrences.
  • Remediation actions may include updating security policies and procedures, enhancing technical controls, and providing additional training to employees.

3.3. Review and Improvement

  • Alumnly reviews the effectiveness of the data breach response process and identifies areas for improvement.
  • Lessons learned from the data breach are incorporated into Alumnly's data protection strategy and policies.

4. Training and Awareness

  • Regular training is provided to employees and contractors on data protection and data breach response procedures.
  • Awareness campaigns are conducted to ensure that all staff understand their responsibilities in reporting and responding to data breaches.

5. Compliance and Monitoring

  • Alumnly monitors compliance with this policy and conducts regular audits to ensure that data protection practices are followed.